355958fe70b828a8868652b7503a4fded500c9a8834a339385cc31aa7bdd1c8e

Analysis

max time kernel
134s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 07:03

Target

11a9d9e9ea1084d3f4931e1755db518a.exe
Size

2.4MB
MD5

11a9d9e9ea1084d3f4931e1755db518a
SHA1

1bd24e372c102ca03ae349bdaba3907990f3e191
SHA256

355958fe70b828a8868652b7503a4fded500c9a8834a339385cc31aa7bdd1c8e
SHA512

3a37aef227f116fa9e281be095314fb4bef69d1d1c71b7ad1b634309566fd4f77464f8361292b38d6f65bcb973aad9c604282b42e81d0868288af2d0fa8a0872
SSDEEP

49152:MkHySIP1FRan+0nx52CELRgP4M338dB2IBlGuuDVUsdxxjr:TSP1KBnbeggg3gnl/IVUs1jr

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1068	11a9d9e9ea1084d3f4931e1755db518a.exe

Executes dropped EXE 1 IoCs

pid	Process
1068	11a9d9e9ea1084d3f4931e1755db518a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4328-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000300000002276d-11.dat	upx
behavioral2/memory/1068-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4328	11a9d9e9ea1084d3f4931e1755db518a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4328	11a9d9e9ea1084d3f4931e1755db518a.exe
1068	11a9d9e9ea1084d3f4931e1755db518a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 1068	4328	11a9d9e9ea1084d3f4931e1755db518a.exe	91
PID 4328 wrote to memory of 1068	4328	11a9d9e9ea1084d3f4931e1755db518a.exe	91
PID 4328 wrote to memory of 1068	4328	11a9d9e9ea1084d3f4931e1755db518a.exe	91

C:\Users\Admin\AppData\Local\Temp\11a9d9e9ea1084d3f4931e1755db518a.exe

Filesize
2.1MB

MD5
426b037975cfee97316e4f13564c5435

SHA1
e1eadc3cbd22a9ac019f5d11438113bd5b4d3b42

SHA256
47ad79f4e780680afdfa92671c8aa6b7d972564029f8ea88515a1b41b0bc7565

SHA512
66e034270c397159d4bc005a846838a62870366cc270cec685d8ad7bf59498292549d1c8ce73c56c480825b63428040056821c5b03919be8ba0417fddcaaad28

Download Submit
memory/1068-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1068-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1068-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1068-20-0x00000000055C0000-0x00000000057EA000-memory.dmp

Filesize
2.2MB

Download
memory/1068-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1068-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4328-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4328-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4328-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4328-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download